{"id":18858,"date":"2018-11-13T20:00:00","date_gmt":"2018-11-13T20:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/risk\/getting-to-know-magecart-an-inside-look-at-7-groups\/d\/d-id\/1333260"},"modified":"2018-11-13T20:00:00","modified_gmt":"2018-11-13T20:00:00","slug":"getting-to-know-magecart-an-inside-look-at-7-groups","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/getting-to-know-magecart-an-inside-look-at-7-groups\/","title":{"rendered":"Getting to Know Magecart: An Inside Look at 7 Groups"},"content":{"rendered":"<header>\n<\/header>\n<p><span class=\"strong black\">A new report spills the details on Magecart, the criminal groups driving it, and ongoing attacks targeting low- and high-profile victims.<\/span> <\/p>\n<p class=\"\">If you&#8217;re in cybersecurity, you&#8217;ve likely heard of Magecart, the threat operation that&#8217;s quickly gaining notoriety as it ramps up financial data theft across the Internet.<\/p>\n<p>Magecart is an umbrella term for at least seven cybercriminal groups that have been installing digital credit card skims onto e-commerce websites for years. Over the past few months, the operation has gone from relatively unknown to nationally recognized as its victims have expanded from consumers to global brands including British Airways, Ticketmaster, and Newegg.<\/p>\n<p>Researchers from RiskIQ and Flashpoint teamed up to build a timeline of Magecart&#8217;s evolution and detail the threat groups and commercial infrastructure driving its growth. Their report, &#8220;Inside Magecart: Profiling the Groups Behind the Pivotal Credit Card Breaches and the Criminal Underworld that Harbors Them,&#8221; covers past and ongoing Magecart attacks.<\/p>\n<p>RiskIQ threat researcher Yonathan Klijnsma says they&#8217;ve been keeping an eye on Magecart since 2015, when the threat grew out of a single group&#8217;s activities and began putting skimmers on vendor websites. Magecart flew under the radar, infiltrating more than 800 e-commerce sites with card skimmers, until it <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/ticketmaster-breach-part-of-massive-payment-card-hacking-campaign\/d\/d-id\/1332266\" target=\"_blank\">breached<\/a> Ticketmaster UK with a supply chain attack in July 2018. Shortly after, it was <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/british-airways-breach-linked-to-ticketmaster-breach-attackers\/d\/d-id\/1332783\" target=\"_blank\">linked<\/a> to the British Airways hack that affected 380,000 customers.<\/p>\n<p>These attacks on large companies put Magecart in global headlines and could have broader implications among the criminal community as they &#8220;lower barriers of entry and raise excitement for other criminal groups,&#8221; explains Vitali Kremez, director of research at Flashpoint. He calls these high-profile breaches &#8220;pivotal&#8221; and &#8220;fuel for the underground economy.&#8221;<\/p>\n<p>The researchers have tracked each criminal group that makes up Magecart. While groups in this report are well-defined, many more groups and individuals add to the web-skimming threat.<\/p>\n<p><strong>An Introduction to Magecart&#8217;s Groups<\/strong><br \/>Group 1 was first spotted in 2015 and so far has more than 2,500 victims. It cast a wide net with its skimmer, likely using automated tools to compromise websites and upload skimmer code. The original skimmer was made up of JavaScript embedded into e-commerce pages. When someone entered payment card data into a form, the skimmer copied it and sent it to a drop server.<\/p>\n<p>In late 2016, Group 1 began to mimic the activities of Magecart Group 2; now, researchers have combined them into a single entity. Their victims include several thousand stores, the National Republican Senate Committee, and Everlast.<\/p>\n<p>Group 3 has been on researchers&#8217; radar since 2016 and has compromised more than 800 victims. Like some of the other groups, it aims for high attack volume and to snag as many cards as possible. However, it steers clear of high-end web retailers.<\/p>\n<p>Group 3&#8217;s skimmer takes a different approach: Instead of checking the URL to see if the skimmer is running on a checkout page, attackers instead check if any forms on the page hold payment data. If they do, the skimmer steals that information. Its goal is to ensure it has the names and addresses of customers and exfiltrate all of it.<\/p>\n<p>Group 4 is an advanced group that &#8220;is extremely careful&#8221; with skimmer placement, researchers report. It&#8217;s focused on high volumes of compromise with the goal of getting as many cards as possible without specifically targeting anyone. Group 4 tries to blend in with normal Web traffic and registers domains by copying ad providers, victim&#8217;s domains, and analytics providers.<\/p>\n<div class=\"docimage\" align=\"center\" readability=\"4.5789473684211\"><a href=\"https:\/\/www.darkreading.com\/risk\/getting-to-know-magecart-an-inside-look-at-7-groups\/d\/d-id\/1333260?_mc=rss%5Fx%5Fdrr%5Fedt%5Faud%5Fdr%5Fx%5Fx%2Drss%2Dsimple&amp;image_number=1\" target=\"new\"><img decoding=\"async\" class=\"docimage\" src=\"https:\/\/img.deusm.com\/darkreading\/magecart.jpg\" alt=\"(Image: Makistock - stock.adobe.com) \" border=\"0\"\/><\/a> <\/div>\n<p>&#8220;It&#8217;s a different approach to setting up the infrastructure, setting up the skimming,&#8221; says Klijnsma of Group 4. Researchers believe this group stems from another criminal operation involved with malware distribution and hijacking online banking with web injects.<\/p>\n<p>Group 5, which was implicated in the Ticketmaster breach, primarily targets third-party suppliers to maximize its reach. It was first seen in 2016 and so far has 12+ victims. The web supply chain is unique, researchers say, because any service that provides ads, content, analytics, or other functionality can be targeted \u2014 which makes it appealing to Group 5. With one compromise, the group can hit thousands of sites without targeting individual merchants.<\/p>\n<p>&#8220;Something not a lot of companies are realizing is there&#8217;s a supply chain to websites,&#8221; Klijnsma points out. &#8220;Whenever you have a third party executing script on your website, that&#8217;s a risk.&#8221;<\/p>\n<p><strong>Related Content:<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/img.deusm.com\/darkreading\/MarilynCohodas\/BHEURUOPE2018-vplug_Web_Banners_468x60_Sponsor.png\" alt=\"\" width=\"468\" height=\"60\"\/><\/p>\n<p><em><strong>\u00a0<\/strong><\/em><\/p>\n<p><em><strong>Black Hat Europe returns to London Dec. 3-6, 2018, with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall.\u00a0<\/strong><\/em><em><strong>Click for information on the <a href=\"https:\/\/www.blackhat.com\/eu-18\/\" target=\"_blank\">conference<\/a>\u00a0and <a href=\"https:\/\/blackhat.tech.ubm.com\/europe\/2018\/?_mc=nlad_x_insecr_le_tsnr_insec_x_x-bht&amp;\" target=\"_blank\">to register.<\/a><\/strong><\/em><\/p>\n<p><span class=\"italic\">Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance &amp; Technology, where she covered financial &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=837\">View Full Bio<\/a><\/span> <\/p>\n<p><span class=\"smaller strong red allcaps\">More Insights<\/span><\/p>\n<p> Read More <a href=\"https:\/\/www.darkreading.com\/risk\/getting-to-know-magecart-an-inside-look-at-7-groups\/d\/d-id\/1333260?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new report spills the details on Magecart, the criminal groups driving it, and ongoing attacks targeting low- and high-profile victims. Read More <a href=\"https:\/\/www.darkreading.com\/risk\/getting-to-know-magecart-an-inside-look-at-7-groups\/d\/d-id\/1333260?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-18858","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Getting to Know Magecart: An Inside Look at 7 Groups 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/getting-to-know-magecart-an-inside-look-at-7-groups\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Getting to Know Magecart: An Inside Look at 7 Groups 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/getting-to-know-magecart-an-inside-look-at-7-groups\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-11-13T20:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.deusm.com\/darkreading\/magecart.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/getting-to-know-magecart-an-inside-look-at-7-groups\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/getting-to-know-magecart-an-inside-look-at-7-groups\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Getting to Know Magecart: An Inside Look at 7 Groups\",\"datePublished\":\"2018-11-13T20:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/getting-to-know-magecart-an-inside-look-at-7-groups\\\/\"},\"wordCount\":806,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/getting-to-know-magecart-an-inside-look-at-7-groups\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/magecart.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/getting-to-know-magecart-an-inside-look-at-7-groups\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/getting-to-know-magecart-an-inside-look-at-7-groups\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/getting-to-know-magecart-an-inside-look-at-7-groups\\\/\",\"name\":\"Getting to Know Magecart: An Inside Look at 7 Groups 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/getting-to-know-magecart-an-inside-look-at-7-groups\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/getting-to-know-magecart-an-inside-look-at-7-groups\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/magecart.jpg\",\"datePublished\":\"2018-11-13T20:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/getting-to-know-magecart-an-inside-look-at-7-groups\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/getting-to-know-magecart-an-inside-look-at-7-groups\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/getting-to-know-magecart-an-inside-look-at-7-groups\\\/#primaryimage\",\"url\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/magecart.jpg\",\"contentUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/magecart.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/getting-to-know-magecart-an-inside-look-at-7-groups\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Getting to Know Magecart: An Inside Look at 7 Groups\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Getting to Know Magecart: An Inside Look at 7 Groups 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/getting-to-know-magecart-an-inside-look-at-7-groups\/","og_locale":"en_US","og_type":"article","og_title":"Getting to Know Magecart: An Inside Look at 7 Groups 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/getting-to-know-magecart-an-inside-look-at-7-groups\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-11-13T20:00:00+00:00","og_image":[{"url":"https:\/\/img.deusm.com\/darkreading\/magecart.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/getting-to-know-magecart-an-inside-look-at-7-groups\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/getting-to-know-magecart-an-inside-look-at-7-groups\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Getting to Know Magecart: An Inside Look at 7 Groups","datePublished":"2018-11-13T20:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/getting-to-know-magecart-an-inside-look-at-7-groups\/"},"wordCount":806,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/getting-to-know-magecart-an-inside-look-at-7-groups\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/magecart.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/getting-to-know-magecart-an-inside-look-at-7-groups\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/getting-to-know-magecart-an-inside-look-at-7-groups\/","url":"https:\/\/www.threatshub.org\/blog\/getting-to-know-magecart-an-inside-look-at-7-groups\/","name":"Getting to Know Magecart: An Inside Look at 7 Groups 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/getting-to-know-magecart-an-inside-look-at-7-groups\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/getting-to-know-magecart-an-inside-look-at-7-groups\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/magecart.jpg","datePublished":"2018-11-13T20:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/getting-to-know-magecart-an-inside-look-at-7-groups\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/getting-to-know-magecart-an-inside-look-at-7-groups\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/getting-to-know-magecart-an-inside-look-at-7-groups\/#primaryimage","url":"https:\/\/img.deusm.com\/darkreading\/magecart.jpg","contentUrl":"https:\/\/img.deusm.com\/darkreading\/magecart.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/getting-to-know-magecart-an-inside-look-at-7-groups\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Getting to Know Magecart: An Inside Look at 7 Groups"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/18858","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=18858"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/18858\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=18858"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=18858"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=18858"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}